Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17304)

Description

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user.

Remediation

References

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-15005)

WordPress Plugin Favicon by RealFaviconGenerator Unspecified Vulnerability (1.2.13)

MediaWiki Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-44856)

MySQL Other Vulnerability (CVE-2016-0705)

WordPress Plugin WP Realtime Sitemap Multiple Unspecified Vulnerabilities (1.5.5)

Severity

High

Classification

CVE-2019-17304 CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities